325 matches found
CVE-2014-0835
IBM QRadar SIEM (7.2 MR1 and earlier) is affected by CVE-2014-0835, a Cross-Site Request Forgery that allows an attacker to hijack administrator authentication to modify Auto Update settings. The root cause centers on unauthorized changes to AutoUpdate configuration via CSRF without authenticatio...
CVE-2014-0835
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings...
Google Pulls Adware Extensions from Chrome Store
Two Chrome extensions went from legitimate browsing add-ons to adware-spewing nuisances in the blink of a legitimate transaction. Google recently took action against the Add to Feedly and Tweet this Page extensions, removing both from the Chrome Store after they were sold to adware brokers and fou...
CVE-2013-5568
The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308...
Cisco Adaptive Security Appliance Auto-Update Denial of Service Vulnerability
A vulnerability in the auto-update feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause a reload of the ASA. The vulnerability is due to insufficient input validation of auto-update data. An attacker could exploit this vulnerability by...
PT-2013-5647 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software versions 9.0.3.6 and earlier. Description: The issue is related to the auto-update implementation, allowing remote attackers to cause a denial of service, resulting in a device reload, via crafted...
Microsoft June 2013 Patch Tuesday updates IE Again
Microsoft took advantage today of its lightest batch of Patch Tuesday security updates this year to release an update to its certificate handling infrastructure. Meanwhile, administrators looking for a patch for a recently disclosed vulnerability by Google engineer Tavis Ormandy will have to wait...
New ZeuS Malware spreading automatically via USB Flash Drives
The notorious Zeus Trojan, a family of banking malware known for stealing passwords and draining the accounts of its victims, has steadily increased in recent months. The malware family itself is frequently updated with mechanisms designed to evade detection by antivirus and network security...
Steam Gaming Platform Vulnerable to Remote Exploits; 50 Million at Risk
More than 50 million users of the Steam gaming and media distribution platform are at risk for remote compromise because of weaknesses in the platform’s URL protocol handler, a pair of researchers at ReVuln wrote in a paper released this week. Luigi Auriemma and Donato Ferrante discovered a numbe...
LINE for Android vulnerable in handling of implicit intents
Overview LINE for Android contains a vulnerability in the handling of implicit intents. LINE for Android provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure...
Cisco Pulls Back on Routers' 'Supplemental Privacy Policy'
Cisco appears to have retracted a controversial addition to its privacy policy that allowed the company to track data, including complete Internet histories, for users of its Linksys E2700, E3500 and E4500 routers. The policy revisions were part of an automatic firmware update that outraged users...
Ubuntu Update for firefox USN-1463-3
Ubuntu Update for Linux kernel vulnerabilities USN-1463-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN14633.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for firefox USN-1463-3 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
Firefox 12 Debuts With Silent Update Mechanism
Mozilla has released version 12 of Firefox and the big change in the popular browser is the inclusion of a new update mechanism that will allow users to enable automatic updates that won’t require user interaction. The mechanism is similar to what Google Chrome has and is part of a trend toward...
[MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202
Matta Consulting - Matta Advisory https://www.trustmatta.com Restorepoint Remote root command execution vulnerability Advisory ID: MATTA-2011-003 CVE reference: CVE-2011-4201 - Code injection vulnerability CVE-2011-4202 - Privilege escalation through...
Restorepoint 3.2-Evaluation Remote Root Command Execution
Matta Consulting - Matta Advisory https://www.trustmatta.com Restorepoint Remote root command execution vulnerability Advisory ID: MATTA-2011-003 CVE reference: CVE-2011-4201 - Code injection vulnerability CVE-2011-4202 - Privilege escalation through...
CVE-2011-2954
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors...
Microsoft Research Team Reports Bugs in Facebook, Google Picasa
Microsoft’s Vulnerability Research team is keeping itself busy finding bugs in other vendors’ products, with the two latest being a vulnerability in Google’s Picasa photo editing and sharing application and a bug in Facebook that could lead to the compromise of a victim’s account. The bug in Pica...
Vulnerability in Google Picasa Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Picasa for Windows version 3.6 build 105.61 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendo...
Vulnerability in Google SketchUp Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google SketchUp version 7.1 Maintenance Release 2 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor...